This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Cloudfoundry
Product: Capi-Release
Version:
Type: Application
First view: 2017-01-13
Last view: 2019-04-17
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:cloudfoundry:capi-release:1.7.0:*:*:*:*:*:*:* 4
cpe:2.3:a:cloudfoundry:capi-release:1.8.0:*:*:*:*:*:*:* 4
cpe:2.3:a:cloudfoundry:capi-release:1.9.0:*:*:*:*:*:*:* 4
cpe:2.3:a:cloudfoundry:capi-release:1.10.0:*:*:*:*:*:*:* 4
cpe:2.3:a:cloudfoundry:capi-release:1.11.0:*:*:*:*:*:*:* 4
cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:* 4
cpe:2.3:a:cloudfoundry:capi-release:1.12.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.13.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.14.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.15.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.16.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.17.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.18.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.19.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.20.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.21.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.22.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.23.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.24.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.25.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.26.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.27.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.28.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.29.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.30.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.31.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.0.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.1.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.2.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.3.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.4.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.5.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.6.0:*:*:*:*:*:*:* 3
cpe:2.3:a:cloudfoundry:capi-release:1.32.0:*:*:*:*:*:*:* 2
cpe:2.3:a:cloudfoundry:capi-release:1.33.0:*:*:*:*:*:*:* 2
cpe:2.3:a:cloudfoundry:capi-release:1.34.0:*:*:*:*:*:*:* 2
cpe:2.3:a:cloudfoundry:capi-release:1.35.0:*:*:*:*:*:*:* 2
cpe:2.3:a:cloudfoundry:capi-release:1.36.0:*:*:*:*:*:*:* 2
cpe:2.3:a:cloudfoundry:capi-release:1.37.0:*:*:*:*:*:*:* 2
cpe:2.3:a:cloudfoundry:capi-release:1.38.0:*:*:*:*:*:*:* 1
cpe:2.3:a:cloudfoundry:capi-release:1.39.0:*:*:*:*:*:*:* 1
cpe:2.3:a:cloudfoundry:capi-release:1.40.0:*:*:*:*:*:*:* 1
cpe:2.3:a:cloudfoundry:capi-release:1.41.0:*:*:*:*:*:*:* 1
cpe:2.3:a:cloudfoundry:capi-release:1.42.0:*:*:*:*:*:*:* 1
cpe:2.3:a:cloudfoundry:capi-release:1.43.0:*:*:*:*:*:*:* 1
cpe:2.3:a:cloudfoundry:capi-release:1.44.0:*:*:*:*:*:*:* 1
cpe:2.3:a:cloudfoundry:capi-release:1.45.0:*:*:*:*:*:*:* 1
cpe:2.3:a:cloudfoundry:capi-release:1.46.0:*:*:*:*:*:*:* 1
cpe:2.3:a:cloudfoundry:capi-release:1.47.0:*:*:*:*:*:*:* 1
cpe:2.3:a:cloudfoundry:capi-release:1.48.0:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
7.5 2019-04-17 CVE-2019-3798

Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim.

5.3 2018-04-18 CVE-2016-2169

Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service.

7.5 2017-08-21 CVE-2017-8037

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.

6.6 2017-07-17 CVE-2017-8034

The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges.

7.5 2017-01-13 CVE-2016-9882

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog.

CWE : Common Weakness Enumeration

% id Name
40% (2) CWE-200 Information Exposure
20% (1) CWE-565 Reliance on Cookies without Validation and Integrity Checking
20% (1) CWE-287 Improper Authentication
20% (1) CWE-17 Code